Vulnerability Description
Deck is a kanban-style organization tool for personal planning and team project organization, integrated with Nextcloud. In affected versions, users could be tricked into executing malicious code in their browser via HTML sent as a comment. It is recommended that Nextcloud Deck be upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.
CVSS Score
NONE
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Deck | >= 1.9.0, < 1.9.5 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bc (Patch)
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x (Exploit, Patch, Vendor Advisory)
- https://hackerone.com/reports/2058556 (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2024-22213?
CVE-2024-22213 is a vulnerability with a CVSS score of 0.0 (NONE). Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious c...
How severe is CVE-2024-22213?
CVE-2024-22213 has been rated NONE with a CVSS base score of 0.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-22213?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Deck.